* Howard Chu (hyc@symas.com) [040730 02:28]:
> I don't think that's the main purpose of the LDAP-enabled KDC,
what is the main purpose? please enlighten me. (c:
> >But people tell me that this idea is against the spirit of
> >kerberos. (An alternative idea for MIT Kerberos would be ssh keys
> >without passphrases for every server and automatic distribution
> >over ssh.)
>
> And then you've solved your Kerberos key distribution problem by turning
> it into an ssh key distribution problem. Not exactly a step forward.
i agree. and at least ldap is *designed* to distribute
information in the network, while ssh is not.
> In all of the available security solutions you always have a
> bootstrapping problem. I guess using SSL may be the easiest approach -
> you can distribute the CA certificate over a cleartext session, and then
> use secure sessions from then on. This assumes that no one is spoofing
> your cleartext LDAP service and substituting their own CA cert in the
> stream, of course. Otherwise, the only sure way to bootstrap is to
> physically transport (e.g., CF
CF?
> or floppy disk) a trusted cert to every
> client machine and load it manually.
why would a stolen certificate, transmitted in the clear be no
problem? would you encode some special info (which? the server`s
IP?) into the SubAltName to make it worthless for the thief?
the initial cert could be valid for a very short time (the
bootstrap process), but that would just decrease the time window
for an attack.
Would you move/copy the servers` private keys (which were needed to
generate there servers` certs) onto the servers once a privat
channel is established?